// Copyright 2018 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Package ports provides PortManager that manages allocating, reserving and releasing ports.
package ports
import (
"math"
"math/rand"
"sync"
"sync/atomic"
"gvisor.dev/gvisor/pkg/tcpip"
)
const (
	// FirstEphemeral is the first ephemeral port.
	FirstEphemeral = 16000

	// numEphemeralPorts is the number of available ephemeral ports to
	// Netstack: every port from FirstEphemeral up to and including the
	// largest uint16.
	numEphemeralPorts = math.MaxUint16 - FirstEphemeral + 1

	// anyIPAddress is the empty address; it is the bindAddresses key used
	// for reservations on the unspecified ("any") address.
	anyIPAddress tcpip.Address = ""
)
// portDescriptor identifies a port within a (network, transport) protocol
// pair; it is the key of PortManager.allocatedPorts.
type portDescriptor struct {
	network   tcpip.NetworkProtocolNumber
	transport tcpip.TransportProtocolNumber
	port      uint16
}
// PortManager manages allocating, reserving and releasing ports.
type PortManager struct {
	// mu guards allocatedPorts.
	mu sync.RWMutex
	// allocatedPorts records, for every (network, transport, port) with at
	// least one reservation, which addresses and devices hold it.
	allocatedPorts map[portDescriptor]bindAddresses

	// hint is used to pick ephemeral ports in a stable order for
	// a given port offset.
	//
	// hint must be accessed using the portHint/incPortHint helpers.
	// TODO(gvisor.dev/issue/940): S/R this field.
	hint uint32
}
// portNode is one reservation slot: the reuse flag it was first reserved
// with and how many reservations currently share it.
type portNode struct {
	// reuse is the reuse flag of the first reservation on this node; later
	// reservations only bump refs and do not change it.
	reuse bool
	// refs counts outstanding reservations; the node is deleted when it
	// drops to zero.
	refs int
}
// deviceNode maps a NIC to the reservation held on it. NICID 0 stands for
// "all devices" (see isAvailable).
//
// deviceNode is never empty. When it has no elements, it is removed from the
// map that references it.
type deviceNode map[tcpip.NICID]portNode
// isAvailable reports whether a new binding with the given reuse flag and
// device can coexist with the bindings already recorded in d. Device 0 means
// "all devices": then the new binding and every existing entry must allow
// reuse. Otherwise only the all-devices entry (key 0) and the entry for
// bindToDevice are consulted, and each conflicts unless both sides allow
// reuse.
func (d deviceNode) isAvailable(reuse bool, bindToDevice tcpip.NICID) bool {
	if bindToDevice == 0 {
		// Binding to all devices overlaps every existing entry, so the
		// new binding must opt into reuse and so must each entry.
		if !reuse {
			return false
		}
		for _, existing := range d {
			if !existing.reuse {
				return false
			}
		}
		return true
	}

	// Binding to a specific device overlaps only the all-devices entry
	// and the entry for that same device.
	conflicts := func(nic tcpip.NICID) bool {
		existing, bound := d[nic]
		return bound && (!reuse || !existing.reuse)
	}
	return !conflicts(0) && !conflicts(bindToDevice)
}
// bindAddresses maps each bound IP address to its per-device reservations.
// The anyIPAddress key holds reservations on the unspecified ("any") address.
type bindAddresses map[tcpip.Address]deviceNode
// isAvailable reports whether addr can be bound given the addresses already
// recorded in b. Binding the "any" address must be compatible with every
// recorded address; binding a specific address must be compatible with the
// "any" address and with that address itself.
func (b bindAddresses) isAvailable(addr tcpip.Address, reuse bool, bindToDevice tcpip.NICID) bool {
	if addr == anyIPAddress {
		// The wildcard overlaps every address, so all of them must agree.
		for _, devices := range b {
			if !devices.isAvailable(reuse, bindToDevice) {
				return false
			}
		}
		return true
	}

	// A specific address overlaps only the wildcard and itself.
	for _, candidate := range [...]tcpip.Address{anyIPAddress, addr} {
		devices, bound := b[candidate]
		if bound && !devices.isAvailable(reuse, bindToDevice) {
			return false
		}
	}
	return true
}
// NewPortManager returns an empty PortManager ready for use.
func NewPortManager() *PortManager {
	pm := PortManager{
		allocatedPorts: make(map[portDescriptor]bindAddresses),
	}
	return &pm
}
// PickEphemeralPort randomly chooses a starting point and iterates over all
// possible ephemeral ports, allowing the caller to decide whether a given port
// is suitable for its needs, and stopping when a port is found or an error
// occurs.
//
// NOTE(review): the starting point comes from math/rand, which is not a
// cryptographic generator and whose global source is deterministic unless it
// is seeded elsewhere (Go < 1.20). Predictable ephemeral ports weaken the
// port randomization RFC 6056 recommends; confirm how this source is seeded
// or consider a crypto-quality one.
func (s *PortManager) PickEphemeralPort(testPort func(p uint16) (bool, *tcpip.Error)) (port uint16, err *tcpip.Error) {
	start := rand.Int31n(numEphemeralPorts)
	return s.pickEphemeralPort(uint32(start), numEphemeralPorts, testPort)
}
// portHint atomically reads and returns the s.hint value; it is the only
// sanctioned way to read the field.
func (s *PortManager) portHint() uint32 {
	hint := atomic.LoadUint32(&s.hint)
	return hint
}
// incPortHint atomically increments s.hint by 1; the value wraps at the
// uint32 limit, as atomic.AddUint32 does.
func (s *PortManager) incPortHint() {
	const step = 1
	atomic.AddUint32(&s.hint, step)
}
// PickEphemeralPortStable starts at the specified offset + s.portHint (uint32
// addition, wrapping) and iterates over all ephemeral ports, allowing the
// caller to decide whether a given port is suitable for its needs and
// stopping when a port is found or an error occurs. The hint advances only
// when a port was found.
func (s *PortManager) PickEphemeralPortStable(offset uint32, testPort func(p uint16) (bool, *tcpip.Error)) (port uint16, err *tcpip.Error) {
	start := s.portHint() + offset
	port, err = s.pickEphemeralPort(start, numEphemeralPorts, testPort)
	if err != nil {
		return port, err
	}
	// Advance the hint so the next caller with the same offset starts at
	// the following port.
	s.incPortHint()
	return port, nil
}
// pickEphemeralPort walks count ports starting at FirstEphemeral+offset,
// wrapping around within [FirstEphemeral, FirstEphemeral+count), and hands
// each candidate to testPort. It returns the first port testPort accepts,
// the first error testPort reports, or tcpip.ErrNoPortAvailable once every
// candidate was rejected.
//
// Both callers pass numEphemeralPorts as count, so the candidate always fits
// in a uint16; a larger count would silently truncate.
func (s *PortManager) pickEphemeralPort(offset, count uint32, testPort func(p uint16) (bool, *tcpip.Error)) (port uint16, err *tcpip.Error) {
	for i := uint32(0); i < count; i++ {
		candidate := uint16(FirstEphemeral + (offset+i)%count)
		switch accepted, testErr := testPort(candidate); {
		case testErr != nil:
			return 0, testErr
		case accepted:
			return candidate, nil
		}
	}
	return 0, tcpip.ErrNoPortAvailable
}
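// IsPortAvailable tests if the given port is available on all given protocols.
//
// The answer is only a snapshot: another caller may reserve the port between
// this check and a later ReservePort, which repeats the check under the lock.
func (s *PortManager) IsPortAvailable(networks []tcpip.NetworkProtocolNumber, transport tcpip.TransportProtocolNumber, addr tcpip.Address, port uint16, reuse bool, bindToDevice tcpip.NICID) bool {
	// The check only reads allocatedPorts, so a read lock is sufficient and
	// lets concurrent availability checks proceed in parallel; writers
	// (ReservePort, ReleasePort) take the write lock.
	s.mu.RLock()
	defer s.mu.RUnlock()
	return s.isPortAvailableLocked(networks, transport, addr, port, reuse, bindToDevice)
}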
// isPortAvailableLocked reports whether port is free to bind on addr and
// bindToDevice for every protocol in networks. s.mu must be held.
func (s *PortManager) isPortAvailableLocked(networks []tcpip.NetworkProtocolNumber, transport tcpip.TransportProtocolNumber, addr tcpip.Address, port uint16, reuse bool, bindToDevice tcpip.NICID) bool {
	for _, network := range networks {
		key := portDescriptor{network: network, transport: transport, port: port}
		addrs, reserved := s.allocatedPorts[key]
		if !reserved {
			// Nothing is bound on this protocol pair: trivially free.
			continue
		}
		if !addrs.isAvailable(addr, reuse, bindToDevice) {
			return false
		}
	}
	return true
}
// ReservePort marks a port/IP combination as reserved so that it cannot be
// reserved by another endpoint. If port is zero, ReservePort will search for
// an unreserved ephemeral port and reserve it, returning its value in the
// "port" return value. It returns tcpip.ErrPortInUse when an explicit port
// cannot be reserved and tcpip.ErrNoPortAvailable when no ephemeral port can.
func (s *PortManager) ReservePort(networks []tcpip.NetworkProtocolNumber, transport tcpip.TransportProtocolNumber, addr tcpip.Address, port uint16, reuse bool, bindToDevice tcpip.NICID) (reservedPort uint16, err *tcpip.Error) {
	s.mu.Lock()
	defer s.mu.Unlock()

	tryReserve := func(p uint16) bool {
		return s.reserveSpecificPort(networks, transport, addr, p, reuse, bindToDevice)
	}

	// An explicit port is reserved as-is or not at all.
	if port != 0 {
		if tryReserve(port) {
			return port, nil
		}
		return 0, tcpip.ErrPortInUse
	}

	// Otherwise search the ephemeral range. The callback runs while s.mu is
	// still held, which reserveSpecificPort requires.
	return s.PickEphemeralPort(func(p uint16) (bool, *tcpip.Error) {
		return tryReserve(p), nil
	})
}
// reserveSpecificPort tries to reserve the given port on all given protocols.
// It reports false, changing nothing, when the port is not available on any
// of them. s.mu must be held.
func (s *PortManager) reserveSpecificPort(networks []tcpip.NetworkProtocolNumber, transport tcpip.TransportProtocolNumber, addr tcpip.Address, port uint16, reuse bool, bindToDevice tcpip.NICID) bool {
	if !s.isPortAvailableLocked(networks, transport, addr, port, reuse, bindToDevice) {
		return false
	}

	// Record the reservation for every network protocol, creating the
	// intermediate maps on first use.
	for _, network := range networks {
		key := portDescriptor{network: network, transport: transport, port: port}
		addrs, ok := s.allocatedPorts[key]
		if !ok {
			addrs = make(bindAddresses)
			s.allocatedPorts[key] = addrs
		}
		devices, ok := addrs[addr]
		if !ok {
			devices = make(deviceNode)
			addrs[addr] = devices
		}
		node, ok := devices[bindToDevice]
		if !ok {
			// First reservation on this device: its reuse flag is the
			// one later reservations are checked against.
			node = portNode{reuse: reuse}
		}
		node.refs++
		devices[bindToDevice] = node
	}
	return true
}
// ReleasePort releases the reservation on a port/IP combination so that it can
// be reserved by other endpoints. Protocols with no matching reservation are
// skipped silently.
//
// NOTE(review): a release with no matching reservation is not detected; refs
// would go negative and the node would never be pruned. Confirm callers
// always pair this with a successful ReservePort.
func (s *PortManager) ReleasePort(networks []tcpip.NetworkProtocolNumber, transport tcpip.TransportProtocolNumber, addr tcpip.Address, port uint16, bindToDevice tcpip.NICID) {
	s.mu.Lock()
	defer s.mu.Unlock()

	for _, network := range networks {
		key := portDescriptor{network: network, transport: transport, port: port}
		addrs, ok := s.allocatedPorts[key]
		if !ok {
			continue
		}
		devices, ok := addrs[addr]
		if !ok {
			continue
		}
		node, ok := devices[bindToDevice]
		if !ok {
			continue
		}

		// Drop one reference, then prune every container that became
		// empty so the maps never hold empty nodes.
		node.refs--
		devices[bindToDevice] = node
		if node.refs == 0 {
			delete(devices, bindToDevice)
		}
		if len(devices) == 0 {
			delete(addrs, addr)
		}
		if len(addrs) == 0 {
			delete(s.allocatedPorts, key)
		}
	}
}